Checkmarx · pedrompflopes · Sep 22, 2023 · Sep 20, 2023 · Sep 20, 2023 · Sep 20, 2023
@@ -3,18 +3,22 @@ name: Checkmarx One CLI
 on:
   pull_request:
 
+env:
+  GO_VERSION: '1.21.1'
+
 jobs:
   unit-tests:
     runs-on: ubuntu-latest
     env:
       GOPRIVATE: "github.com/checkmarxDev/*"
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v2.3.4
-      - name: Set up Go 1.17.x
-        uses: actions/setup-go@v2
+        uses: actions/checkout@v4
+      - name: Set up Go version
+        uses: actions/setup-go@v4
         with:
-          go-version: 1.17.x
+          go-version: ${{ env.GO_VERSION }}
+      - run: go version
       - name: Setup git
         run: git config --global url."https://${{ secrets.PERSONAL_ACCESS_TOKEN }}:@github.com/".insteadOf "https://github.com"
       - name: go test with coverage
@@ -40,13 +44,14 @@ jobs:
       GOPRIVATE: "github.com/checkmarxDev/*"
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v4
       - name: Setup git
         run: git config --global url."https://${{ secrets.PERSONAL_ACCESS_TOKEN }}:@github.com/".insteadOf "https://github.com"
-      - name: Set up Go 1.17.x
-        uses: actions/setup-go@v2
+      - name: Set up Go version
+        uses: actions/setup-go@v4
         with:
-          go-version: 1.17.x
+          go-version: ${{ env.GO_VERSION }}
+      - run: go version
       - name: Go Build
         run: go build -o ./bin/cx ./cmd
       - name: Go Integration test
@@ -58,7 +63,7 @@ jobs:
           CX_BASE_AUTH_URI: ${{ secrets.CX_BASE_AUTH_URI }}
           CX_AST_USERNAME: ${{ secrets.CX_AST_USERNAME }}
           CX_AST_PASSWORD: ${{ secrets.CX_AST_PASSWORD }}
-          CX_APIKEY:  ${{ secrets.CX_APIKEY }}
+          CX_APIKEY: ${{ secrets.CX_APIKEY }}
           CX_TENANT: ${{ secrets.CX_TENANT }}
           CX_SCAN_SSH_KEY: ${{ secrets.CX_SCAN_SSH_KEY }}
           PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
@@ -109,11 +114,12 @@ jobs:
     env:
       GOPRIVATE: "github.com/checkmarxDev/*"
     steps:
-      - uses: actions/checkout@v2.3.4
-      - name: Set up Go 1.17.x
+      - uses: actions/checkout@v4
+      - name: Set up Go version
         uses: actions/setup-go@v4
         with:
-          go-version: 1.17.x
+          go-version: ${{ env.GO_VERSION }}
+      - run: go version
       - name: Setup git
         run: git config --global url."https://${{ secrets.PERSONAL_ACCESS_TOKEN }}:@github.com/".insteadOf "https://github.com"
       - name: golangci-lint
@@ -122,3 +128,12 @@ jobs:
           version: v1.54.2
           args: -c .golangci.yml
           only-new-issues: true
+  govulncheck:
+    runs-on: ubuntu-latest
+    name: govulncheck
+    steps:
+      - id: govulncheck
+        uses: golang/govulncheck-action@v1
+        with:
+          go-version-input: '1.21.0-rc.4'
+          go-package: ./...
@@ -37,13 +37,13 @@ jobs:
       APPLE_DEVELOPER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
-           fetch-depth: 0
+          fetch-depth: 0
       - name: Install Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
-          go-version: '^1.17.1'
+          go-version: '^1.21.1'
       - name: Import Code-Signing Certificates
         uses: Apple-Actions/import-codesign-certs@v1
         with:

@@ -106,9 +106,13 @@ run:
     - internal/cache
     - internal/renameio
     - internal/robustio
+
+ # In case of linter atoi() erros
+ # go: '^1.21'
+
 # golangci.com configuration
 # https://github.com/golangci/golangci/wiki/Configuration
 service:
-  golangci-lint-version: 1.28.1 # use the fixed version to not introduce new linters unexpectedly
+  golangci-lint-version: 1.54.2 # use the fixed version to not introduce new linters unexpectedly
   prepare:
     - echo "here I can run custom commands, but no preparation needed for this repo"
@@ -1,12 +1,12 @@
 module github.com/checkmarx/ast-cli
 
-go 1.17
+go 1.21.1
 
 require (
 	github.com/MakeNowJust/heredoc v1.0.0
 	github.com/checkmarxDev/gpt-wrapper v0.0.0-20230721160222-85da2fd1cc4c
 	github.com/golang-jwt/jwt v3.2.2+incompatible
-	github.com/gomarkdown/markdown v0.0.0-20221013030248-663e2500819c
+	github.com/gomarkdown/markdown v0.0.0-20230916125811-7478c230c7cd
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
 	github.com/google/uuid v1.3.1
 	github.com/gookit/color v1.5.4
@@ -15,7 +15,7 @@ require (
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/viper v1.16.0
 	github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80
-	golang.org/x/crypto v0.12.0
+	golang.org/x/crypto v0.13.0
 	gotest.tools v2.2.0+incompatible
 )
 
@@ -26,15 +26,15 @@ require (
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.8 // indirect
+	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
 	github.com/spf13/afero v1.9.5 // indirect
 	github.com/spf13/cast v1.5.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/subosito/gotenv v1.4.2 // indirect
-	github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect
-	golang.org/x/sys v0.11.0 // indirect
-	golang.org/x/text v0.12.0 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
+	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
+	golang.org/x/sys v0.12.0 // indirect
+	golang.org/x/text v0.13.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )